I have done a django web app in which users can input some data. I have created a super user and as the admin of the app I can see the data input by users which is fine for name and not sensitive data but I do not want to be able to see their sensitive data such as health data.
I have used the encrypt module from django_cryptography.fields as follow:
health_data = encrypt(models.IntegerField(default=140))
I figured out that if I am looking at the database from external script or simple DBbrowser, it works well as I cannot see the sensitive data. But I understood that this is seamless in the django admin: in django admin page it is decrypting before it is rendered.
So I am ok with the encrypt data which is additional safety but this was not my first goal. I want to have the super user but I want that I am not able to see their sensitive data. Do you have any ideas ? I appreciate your time reading.
As suggested here I changed my admin code from this:
from django.contrib import admin
from .models import MyModel
# Register your models here.
admin.site.register(MyModel)
to this:
#admin.register(MyModel)
class MyModelAdmin(admin.ModelAdmin):
# avoid admin can see the sensitive data in admin page
fields = ("non_sensitive_field1", "non_sensitive_field2",...,)
By this way I customize the rendered fields in admin page. I cannot see anymore the sensitive data from users in the admin page which is the behavior I wanted.
Related
I am trying to add a non-model form in django admin interface and am not able to find any particular way to do it. This form would do some processing and change some data in the DB. But this is not related to a particular Model and should stand out. This form should not be available for the user to use.
One thing I can do is add the form to the general view and prohibit using permissions but I was thinking since django admin interface already exists, it would be better to add that to the django admin interface.
Is this possible to do in Django?
You can add arbitrary views that within a ModelAdmin that do whatever you want. See the documentation for ModelAdmin.get_urls. You can do the same at a higher level by defining AdminSite.get_urls.
Basically the admin changelist view has a lot of nice features like sorting, filtering, field list, pagination...
Can I borrow that functionality and use it in my public users site? I was thinking to have class-based view called Cars and borrow all those features from the admin site.
I thought that ModelAdmin would be a place to look, but I have no idea to implement that.
The django-table2 app is more reasonable option for such task than the admin's changelist.
Actually I ended up using django admin for this site instead of developing a public site. Plus on top of this I used django-grappelli to customize the dashboard and make it look like a custom site.
So now I have two admin sites:
1- is the default django/grappelli site that has all the links and functions of the traditional admin site. and this was only used by developers and super users
2- a custom admin site called dashboard that looks more user friendly, and have customized all the look and feel, plus it has the change list, change form of my models so I don't have to rewrite these functions.
and this is how it looks now:
How would I add a rich-text HTML content editor in my Django admin view?
For example, if I want to change the content on my homepage, what python code would I have to input for the HTML to be displayed when I log into the admin portal?
I want to be able to view all of my pages (hopefully even be able to add/delete them), and edit the content directly from the admin view. Similar to something like this:
http://feincms-django-cms.readthedocs.org/en/latest/_images/item_editor_content.png
I appreciate any and all help! Thank you!
The html shown there is there cuz it is in the database. If what you want is a cms, there are several of those for django like django-cms, wagtail, mezzanine among others.
If, on the other hand, you have a model already and want to display it in the admin, you can register it:
from django.contrib import admin
from myproject.myapp.models import Author
class AuthorAdmin(admin.ModelAdmin):
pass
admin.site.register(Author, AuthorAdmin)
In that example, the Author model will show up in admin for edition.
In the last case, where you already have your model registered but you want to have a WYSIWYG editor, check the django-grid for that kind of package and find one suitable, or install one manually.
You have several options in case you want to try the second approach: ckeditor, tinymce, etc.
I've noticed that after I log in with Django registration it redirects me to accounts/profile/. By default Django registration's url.py doesn't handle accounts/profile/, so I need to create my own.
Actually this questions is three-fold:
Why does after logging in, it redirects to accounts/profile/? Is there a way to change that? Preferably after successfully logging in I would like Django to redirect back to the page before the login page.
If I were to create my own view and template for accounts/profile/, then where should I put it? Django's built-in users (auth_user) is shared among all Django apps inside a project, so should I place the view.py in the project folder and not inside the app folder?
Or does Django profile actually takes care of this whole account/profiles/ thing? I already extended Django's User class with my own UserProfile, but it's more like additional fields to the User table than an actual "profile" (I didn't create avatars or anything like that, just simple stuff like addresses and phone numbers, but most importantly, some custom user types that my app depends on).
Why does after logging in, it redirects to accounts/profile/? Is there
a way to change that? Preferably after successfully logging in I would
like Django to redirect back to the page before the login page.
Just change setting LOGIN_REDIRECT_URL
If I were to create my own view and template for accounts/profile/,
then where should I put it? Django's built-in users (auth_user) is
shared among all Django apps inside a project, so should I place the
view.py in the project folder and not inside the app folder?
I like to create an app called "project_specific" in every project. That's where I put all the stuff that's not meant to be reusable and that couples many apps.
You can also create a views.py at the project level, but that is sort of messy compared to making a project specific app.
In reality it does not matter where you put it.
Or does Django profile actually takes care of this whole
account/profiles/ thing? I already extended Django's User class with
my own UserProfile, but it's more like additional fields to the User
table than an actual "profile" (I didn't create avatars or anything
like that, just simple stuff like addresses and phone numbers, but
most importantly, some custom user types that my app depends on).
That's not the way to add extra user fields. I recommend that you read the docs on Storing additional information about users.
For a minimal approach that doesn't require a standalone app,
Create a template and call it profile.html or anything you want.
<p>This is your profile, {{ user.username }}.</p>
In urls.py, add a url pattern that points to your profile template, mark it login_required, and give the url a name:
# ...
from django.views.generic import TemplateView
from django.contrib.auth.decorators import login_required
urlpatterns = [
# ...
url(r'^accounts/profile/$', login_required(TemplateView.as_view(template_name='profile.html')), name='user_profile'),
# ...
]
In settings.py, add the following line:
LOGIN_REDIRECT_URL = 'user_profile'
This line tells Django to perform a reverse URL lookup by name when redirecting a user after a login. Without this line, your app will still work but it will be fragile because it relies on an arbitrary hard-coded URL that is implicitly configured by Django. With this line, if you or someone else decides that user profiles should be at /me/, you could change the URL in step 2 without breaking your app.
Set LOGIN_REDIRECT_URL in settings - https://docs.djangoproject.com/en/dev/ref/settings/#login-redirect-url
Create account app, where contains code for this.
You may use django userena for full-stack user area: https://django-userena.readthedocs.org/en/latest/
Is there any ready apps for django admin, that allows to edit model in popup?
I want next functionallity:
View edit form for model in popup.
On model save - update row in list of models.
Motivation: reduce page reloads.
Also, if there any solutions oriented on massive manual data updates for django? I've taken a look at django grappelli - it improves view of data, but edit data is still not usable.
P.S.: If such kind of app is not available - I'll start open source project.
If you want to open a popup, simply create a link to your 'add' view with the following attribute on that link onclick='return showAddAnotherPopup(this);'
You can do most of what you ask there (at least point 1 and 2) using the django built in admin customisations.
Have a look at https://docs.djangoproject.com/en/dev/ref/contrib/admin/
The django admin itself already uses some things similar to this, pay special attention to the django _popup=1 variable in the request URI.
You will have to add a custom modelname_change_list.html file to provide some javascript and in the ModelAdmin override the delet_view, change_view, response_add and potentially response_change.